
Check for IP address in table - mySQL PHP

Alright. I have this contest signup form with 3 fields that inserts it into a mySQL DB... as well as emailing it. I am adding this code that will check the form for the user's current IP, and disallow the submission if it exists.

This seems to be executing without error now... but it allows multiple submissions from the same IP. Anything jump out as incorrect?

FULL CODE BELOW:

<?php //include the connection file

require_once('connection.php');


function sanitize($value, $type)
{
$value = (!get_magic_quotes_gpc()) ? addslashes($value) : $value;

switch ($type) {
case "text":
$value = ($value != "") ? "'" . $value . "'" : "NULL";
break;
case "long":
case "int":
$value = ($value != "") ? intval($value) : "NULL";
break;
case "double":
  $value = ($value != "") ? "'" . doubleval($value) . "'" : "NULL";
  break;
case "date":
  $value = ($value != "") ? "'" . $value . "'" : "NULL";
  break;
}

return $value;
}

//save the data on the DB and send the email

if(isset($_POST['action']) && $_POST['action'] == 'submitform')
{
//receive the variables

$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$ip = gethostbyname($_SERVER['REMOTE_ADDR']);

mysql_select_db($database, $connection);
$QUERY = "SELECT COUNT(IP) AS `count` FROM `contest` WHERE IP = 'value'";
$RESULT = mysql_query($QUERY) or die(mysql_error());

// Read the first row
$row = mysql_fetch_assoc($RESULT);

// Check how many rows MySQL counted
if($row['count'] > 0) {
echo "value already exists";
}
else {

//save the data on the DB

mysql_select_db($database, $connection);

$insert_query = sprintf("INSERT INTO contest (First_Name, Last_Name, Email_Address, Date, ip) VALUES (%s, %s, %s, NOW(), %s)",
                        sanitize($firstname, "text"),
                        sanitize($lastname, "text"),
                        sanitize($email, "text"),
                        sanitize($ip, "text"));

$result = mysql_query($insert_query, $connection) or die(mysql_error());

if($result)
{
    //send the email

    $to = "EMAIL ADDY";
    $subject = "SUBJECT LINE";

    //headers and subject
    $headers  = "MIME-Version: 1.0\r\n";
    $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
    $headers .= "From: ".$firstname." <".$email.">\r\n";

    $body = "New contact
";
    $body .= "First Name: ".$firstname."
";
    $body .= "Last Name: ".$lastname."
";
    $body .= "Email: ".$email."
";
    $body .= "IP: ".$ip."
";

    mail($to, $subject, $body, $headers);

    //ok message

    header ('Location: thanks.html');
    exit ();
}
}
}

?>

You need to use backticks instead of single quotes to escape table names/reserved words:

$QUERY = "SELECT COUNT(IP) AS `count` FROM `contest` WHERE IP = 'value'";

Also, if your IP column is a string, you need to enclose the value for that in single quotes :-)
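
An added example (not from the question or the answer) of the duplicate-IP check with the visitor's address bound as a query parameter, using PDO prepared statements in place of the question's mysql_* calls and addslashes-based sanitize(). Assumptions: an in-memory SQLite database stands in for the MySQL contest table so the script runs offline, a UNIQUE index is added on ip, and signup() is a hypothetical helper name.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO is available, an
// in-memory SQLite database stands in for the MySQL `contest` table, and
// signup() is a hypothetical helper name.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contest (
    First_Name TEXT, Last_Name TEXT, Email_Address TEXT,
    Date TEXT, ip TEXT NOT NULL UNIQUE)');

function signup(PDO $pdo, string $first, string $last, string $email, string $ip): string
{
    // Reject anything that is not a literal IPv4/IPv6 address.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return 'invalid ip';
    }
    // The submitted address is bound as a parameter, so the comparison uses
    // the visitor's IP rather than a fixed string literal.
    $check = $pdo->prepare('SELECT COUNT(*) FROM contest WHERE ip = ?');
    $check->execute([$ip]);
    if ((int) $check->fetchColumn() > 0) {
        return 'duplicate';
    }
    try {
        $insert = $pdo->prepare(
            'INSERT INTO contest (First_Name, Last_Name, Email_Address, Date, ip)
             VALUES (?, ?, ?, CURRENT_TIMESTAMP, ?)');
        $insert->execute([$first, $last, $email, $ip]);
    } catch (PDOException $e) {
        // Two requests can pass the SELECT at the same time; the UNIQUE
        // index makes the second INSERT fail with SQLSTATE 23000.
        if ((string) $e->getCode() === '23000') {
            return 'duplicate';
        }
        throw $e;
    }
    return 'inserted';
}

// Constructed sample submissions (documentation address ranges).
var_dump(signup($pdo, 'Ann', 'Lee', 'ann@example.com', '203.0.113.7'));
var_dump(signup($pdo, 'Bob', "O'Neil", 'bob@example.com', '203.0.113.7'));
var_dump(signup($pdo, 'Cy', 'Roe', 'cy@example.com', '198.51.100.9'));
```

The UNIQUE index is what enforces one row per address; the SELECT only provides a friendlier message in the common case.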
